A really brief intro so this gets to you no later than it already is...

Several new Mydoom variants were released at the end of last week, with the interesting (if pointless) twist that their writer embedded a request for employment in the antivirus industry inside the virus code. Also, Sven Jaschan has now been formally indicted on computer sabotage charges in Germany for his alleged role in writing and releasing the Sasser worm.

Mac OS X administrators, admins of systems that use the imlib library and DB2 database system administrators should all be polishing up their patch testing and rollout skills this week. Also, SOHO users of Windows XP, especially those without broadband connections, may want to consider an alternative to downloading SP2, and we have links to some interesting coverage of the links between spammers, malware and organized crime.

Virus News:

* Mydoom spawns quadruplets; seeks antivirus employment

At the end of last week four new Mydoom variants were discovered in quick succession, over what was roughly a 24-hour period spanning the 9th and 10th of September. These variants are all very similar: each installs itself to run at every system startup using the same basic method (but a different filename), and mass-mails itself to all e-mail addresses found by searching the Windows Address Book and all files with an extension drawn from a large list of file types. These new variants also download and install a backdoor that allows remote access to the victim's machine.

However, perhaps the most intriguing aspect of this rash of new Mydoom variants is hidden inside them and never normally exposed. Analysis of the viruses uncovers a message that the viruses contain no code to actually display. 'We searching 4 work in AV industry' may seem plaintive to some, but if the desire is genuine it is sadly ironic that the person or people behind these variants can never use that fact on their résumés. It is widely accepted within the antivirus industry that known virus writers will never be employed in antivirus research or product development. A brief commentary on this is included in the second link to UK-based antivirus developer Sophos, below.

Typical naming confusion means that almost no two antivirus vendors call the same variants by the same names, as should be evident from reading a few of the linked descriptions below...

Telenor, a Norwegian telco, has shut down the central controlling node of a network of 'bots' - computers whose security has been compromised and a botnet agent installed. This botnet reputedly had more than 10,000 member bots, potentially available at the botnet controller's whim to run distributed denial of service (DDoS) attacks or pretty much anything else by uploading further software to the bots.

For more information on the general topic of botnets, please read the 'Hackers, spam and your PC...' item in the security section, and the links provided there.

In mid-May we reported that German teenager Sven Jaschan had admitted to writing the Sasser and Netsky worms. Last week prosecutors in Verden, Germany, formally indicted the 18-year-old student on computer sabotage charges related to his alleged involvement in creating the Sasser worm.

Not to plug one of our own publications [well, not to plug it much], but New Zealand PC World was one of the first computer magazines to carry Microsoft's official "Windows XP Service Pack 2 (with Advanced Security Technologies)" CDs as a cover CD. Other magazines were probably beaten by longer lead-times and the CD is likely to show up all over the place eventually, but why wait? The September issue of New Zealand PC World should be available from discerning bookstores and newsstands.

* Multiple Mac OS X security patches

Apple has released more security updates for Mac OS X 10.2.8, 10.3.4 and 10.3.5. These include patches that address security issues in such components as Apache, OpenSSH, Kerberos, IPSec and the Safari web browser.

Among other vulnerabilities, security researchers at NGS (Next Generation Security) Software report that IBM DB2 8.1 (with FixPak 6 or earlier) and 7.x (with FixPak 11 or earlier) are vulnerable to remotely exploitable buffer overflows. Successful exploitation of these overflows could lead to execution of arbitrary code with the privileges of the DB2 process. NGS Software has released a very brief advisory (linked below), which includes URLs to the relevant IBM download pages for the latest FixPaks that address these vulnerabilities.

Two reporters from USA Today have filed a series of stories providing perhaps the most detailed coverage yet of the dynamics and economics, among other things, of botnets, spamming and the infiltration of the traditionally nerdy/geeky malware scene by organized crime. We have linked to the head story, but don't miss following the links in the 'Related Stories' sidebar.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.